require 'digest/sha2'
class User < ActiveRecord::Base
  acts_as_uuid
  acts_as_auditor

  validates_presence_of :login

  attr_accessor :password, :password_confirmation

  def password=(pass)
    salt = [Array.new(6){rand(256).chr}.join].pack("m").chomp
    self.password_salt, self.password_hash = salt, Digest::SHA256.hexdigest(pass + salt)
  end

  def self.authenticate(username, password)
    user = User.find_by_login(username)
    if user.blank? || Digest::SHA256.hexdigest(password + user.password_salt) != user.password_hash
      user = nil
    end
    user
  end
end
